Vulnerability-Lookup

MSRC_CVE-2026-45585

Vulnerability from csaf_microsoft - Published: 2026-05-12 07:00 - Updated: 2026-06-09 07:00

Summary

Windows BitLocker Security Feature Bypass Vulnerability

Severity

Important

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.

CVE-2026-45585

6.8 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Affected products

Fixed 8 products

Product	Identifier	Version	Remediation
Windows 11 Version 24H2 for ARM64-based Systems 10.0.26100.32860 Windows 11 Version 24H2 for ARM64-based Systems		10.0.26100.32860
Windows 11 Version 24H2 for x64-based Systems 10.0.26100.8457 Windows 11 Version 24H2 for x64-based Systems		10.0.26100.8457
Windows Server 2025 10.0.26100.8457 Windows Server 2025		10.0.26100.8457
Windows Server 2025 (Server Core installation) 10.0.26100.8457 Windows Server 2025 (Server Core installation)		10.0.26100.8457
Windows 11 Version 25H2 for ARM64-based Systems 10.0.26200.8457 Windows 11 Version 25H2 for ARM64-based Systems		10.0.26200.8457
Windows 11 Version 25H2 for x64-based Systems 10.0.26200.8457 Windows 11 Version 25H2 for x64-based Systems		10.0.26200.8457
Windows 11 version 26H1 for x64-based Systems 10.0.28000.2269 Windows 11 version 26H1 for x64-based Systems		10.0.28000.2269
Windows 11 Version 26H1 for ARM64-based Systems 10.0.28000.2269 Windows 11 Version 26H1 for ARM64-based Systems		10.0.28000.2269

Known affected 8 products

Product	Version	Remediation
Windows 11 Version 26H1 for ARM64-based Systems <10.0.28000.2269 Windows 11 Version 26H1 for ARM64-based Systems	<10.0.28000.2269	Vendor Fix fix
Windows 11 version 26H1 for x64-based Systems <10.0.28000.2269 Windows 11 version 26H1 for x64-based Systems	<10.0.28000.2269	Vendor Fix fix
Windows 11 Version 25H2 for x64-based Systems <10.0.26200.8457 Windows 11 Version 25H2 for x64-based Systems	<10.0.26200.8457	Vendor Fix fix
Windows 11 Version 25H2 for ARM64-based Systems <10.0.26200.8457 Windows 11 Version 25H2 for ARM64-based Systems	<10.0.26200.8457	Vendor Fix fix
Windows Server 2025 (Server Core installation) <10.0.26100.8457 Windows Server 2025 (Server Core installation)	<10.0.26100.8457	Vendor Fix fix
Windows Server 2025 <10.0.26100.8457 Windows Server 2025	<10.0.26100.8457	Vendor Fix fix
Windows 11 Version 24H2 for x64-based Systems <10.0.26100.8457 Windows 11 Version 24H2 for x64-based Systems	<10.0.26100.8457	Vendor Fix fix
Windows 11 Version 24H2 for ARM64-based Systems <10.0.26100.32860 Windows 11 Version 24H2 for ARM64-based Systems	<10.0.26100.32860	Vendor Fix fix

Threats

Impact Security Feature Bypass

Exploit Status Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely

References

7 references

URL	Category
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2026/m…	self
https://www.microsoft.com/en-us/msrc/exploitabili…	external
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2026/m…	self

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585"
      },
      {
        "category": "self",
        "summary": "CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-45585.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Windows BitLocker Security Feature Bypass Vulnerability",
    "tracking": {
      "current_release_date": "2026-06-09T07:00:00.000Z",
      "generator": {
        "date": "2026-06-09T18:07:33.355Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2026-45585",
      "initial_release_date": "2026-05-12T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-05-19T07:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2026-05-20T07:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Updated **Step 2** of the first mitigation. This is an informational change only."
        },
        {
          "date": "2026-05-21T07:00:00.000Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Added a script to implement a mitigation and removed the manual mitigations. Please read the information to decide if you need to run the provided script."
        },
        {
          "date": "2026-05-21T07:00:00.000Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "Fixed a typographical error. This is an information change only."
        },
        {
          "date": "2026-05-21T07:00:00.000Z",
          "legacy_version": "1.4",
          "number": "5",
          "summary": "Updated the script in the FAQ section to make it language agnostic.  Microsoft recommends customers to recopy the script and then run it to enable the mitigation."
        },
        {
          "date": "2026-06-09T07:00:00.000Z",
          "legacy_version": "2",
          "number": "6",
          "summary": "Added links to June 2026 Windows security updates.  Microsoft recommends installing this updates as soon as possible."
        }
      ],
      "status": "final",
      "version": "6"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.26100.8457",
            "product": {
              "name": "Windows Server 2025 (Server Core installation) \u003c10.0.26100.8457",
              "product_id": "5"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.26100.8457",
            "product": {
              "name": "Windows Server 2025 (Server Core installation) 10.0.26100.8457",
              "product_id": "12437"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2025 (Server Core installation)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.26200.8457",
            "product": {
              "name": "Windows 11 Version 25H2 for ARM64-based Systems \u003c10.0.26200.8457",
              "product_id": "4"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.26200.8457",
            "product": {
              "name": "Windows 11 Version 25H2 for ARM64-based Systems 10.0.26200.8457",
              "product_id": "20437"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 11 Version 25H2 for ARM64-based Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.26200.8457",
            "product": {
              "name": "Windows 11 Version 25H2 for x64-based Systems \u003c10.0.26200.8457",
              "product_id": "3"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.26200.8457",
            "product": {
              "name": "Windows 11 Version 25H2 for x64-based Systems 10.0.26200.8457",
              "product_id": "20438"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 11 Version 25H2 for x64-based Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.26100.32860",
            "product": {
              "name": "Windows 11 Version 24H2 for ARM64-based Systems \u003c10.0.26100.32860",
              "product_id": "8"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.26100.32860",
            "product": {
              "name": "Windows 11 Version 24H2 for ARM64-based Systems 10.0.26100.32860",
              "product_id": "12389"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 11 Version 24H2 for ARM64-based Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.26100.8457",
            "product": {
              "name": "Windows 11 Version 24H2 for x64-based Systems \u003c10.0.26100.8457",
              "product_id": "7"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.26100.8457",
            "product": {
              "name": "Windows 11 Version 24H2 for x64-based Systems 10.0.26100.8457",
              "product_id": "12390"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 11 Version 24H2 for x64-based Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.26100.8457",
            "product": {
              "name": "Windows Server 2025 \u003c10.0.26100.8457",
              "product_id": "6"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.26100.8457",
            "product": {
              "name": "Windows Server 2025 10.0.26100.8457",
              "product_id": "12436"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2025"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.28000.2269",
            "product": {
              "name": "Windows 11 version 26H1 for x64-based Systems \u003c10.0.28000.2269",
              "product_id": "2"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.28000.2269",
            "product": {
              "name": "Windows 11 version 26H1 for x64-based Systems 10.0.28000.2269",
              "product_id": "20853"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 11 version 26H1 for x64-based Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.28000.2269",
            "product": {
              "name": "Windows 11 Version 26H1 for ARM64-based Systems \u003c10.0.28000.2269",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.28000.2269",
            "product": {
              "name": "Windows 11 Version 26H1 for ARM64-based Systems 10.0.28000.2269",
              "product_id": "20854"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 11 Version 26H1 for ARM64-based Systems"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-45585",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.",
          "title": "What kind of security feature could be bypassed by successfully exploiting this vulnerability?"
        },
        {
          "category": "faq",
          "text": "Yes. This script is an interim security fix that helps to reduce the risk of exploitation of the vulnerability.\nThe script is for WinRE and removes autofstx.exe from the BootExecute registry value. Since BootExecute runs programs very early in boot (even in recovery mode), removing this entry prevents that executable from running in a high\u2011privilege environment, reducing risk.\nIt works by mounting the WinRE image, editing its offline SYSTEM registry to remove the entry if present, then safely committing changes and re\u2011sealing WinRE so BitLocker trust remains intact.\nIt\u2019s designed to be safe\u2014if the autofstx.exe entry isn\u2019t there, it exits without making changes.",
          "title": "Is there a script that I can copy and paste to implement a mitigation?"
        }
      ],
      "product_status": {
        "fixed": [
          "12389",
          "12390",
          "12436",
          "12437",
          "20437",
          "20438",
          "20853",
          "20854"
        ],
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585"
        },
        {
          "category": "self",
          "summary": "CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-45585.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-19T07:00:00.000Z",
          "details": "10.0.26100.8457:Security Update:https://support.microsoft.com/help/5089549",
          "product_ids": [
            "5",
            "7",
            "6"
          ],
          "url": "https://support.microsoft.com/help/5089549"
        },
        {
          "category": "vendor_fix",
          "date": "2026-05-19T07:00:00.000Z",
          "details": "10.0.26200.8457:Security Update:https://support.microsoft.com/help/5089549",
          "product_ids": [
            "4",
            "3"
          ],
          "url": "https://support.microsoft.com/help/5089549"
        },
        {
          "category": "vendor_fix",
          "date": "2026-05-19T07:00:00.000Z",
          "details": "10.0.26100.32860:Security Update:https://support.microsoft.com/help/5087539",
          "product_ids": [
            "8"
          ],
          "url": "https://support.microsoft.com/help/5087539"
        },
        {
          "category": "vendor_fix",
          "date": "2026-05-19T07:00:00.000Z",
          "details": "10.0.28000.2269:Security Update:https://support.microsoft.com/help/5095051",
          "product_ids": [
            "2",
            "1"
          ],
          "url": "https://support.microsoft.com/help/5095051"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "WORKAROUND",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.3,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Security Feature Bypass"
        },
        {
          "category": "exploit_status",
          "details": "Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely"
        }
      ],
      "title": "Windows BitLocker Security Feature Bypass Vulnerability"
    }
  ]
}

CVE-2026-45585 (GCVE-0-2026-45585)

Vulnerability from cvelistv5 – Published: 2026-05-19 23:30 – Updated: 2026-06-19 16:13

Title

Windows BitLocker Security Feature Bypass Vulnerability

Summary

Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available. Mitigation FAQs Should I leverage the temporary mitigation? Microsoft recommends that you consider implementing these mitigations if you are concerned your devices and data are at risk of being compromised or stolen. For example, if your organization’s employees take their work devices home or on business travel. What impact to service availability/management could be caused by implementing the mitigations? Implementing these mitigations will not impact service availability or management operations. Do customers need to revert the changes made to mitigate the vulnerability once the security update to protect against this vulnerability is available? No. The security update will maintain the mitigation's behavior once the security update is installed. I am using TPM+PIN, am I at risk of this vulnerability being exploited No, if you are using TPM+PIN the vulnerability is not exploitable.

Severity

6.8 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C

SSVC

Exploitation: poc Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Assigner

microsoft

References

2 references

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch
https://github.com/Nightmare-Eclipse/YellowKey	exploit

Impacted products

5 products

Vendor	Product	Version
Microsoft	Windows 11 Version 24H2	Affected: 10.0.26100.0 , < 10.0.26100.8655 (custom)
Microsoft	Windows 11 Version 25H2	Affected: 10.0.26200.0 , < 10.0.26200.8655 (custom)
Microsoft	Windows 11 version 26H1	Affected: 10.0.28000.0 , < 10.0.28000.2269 (custom)
Microsoft	Windows Server 2025	Affected: 10.0.26100.0 , < 10.0.26100.32995 (custom)
Microsoft	Windows Server 2025 (Server Core installation)	Affected: 10.0.26100.0 , < 10.0.26100.32995 (custom)

Date Public

2026-05-19 14:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-45585",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-21T03:55:18.708Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/Nightmare-Eclipse/YellowKey"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 24H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26100.8655",
              "status": "affected",
              "version": "10.0.26100.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 25H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26200.8655",
              "status": "affected",
              "version": "10.0.26200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows 11 version 26H1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.28000.2269",
              "status": "affected",
              "version": "10.0.28000.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2025",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26100.32995",
              "status": "affected",
              "version": "10.0.26100.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2025 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26100.32995",
              "status": "affected",
              "version": "10.0.26100.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.26100.32995",
                  "versionStartIncluding": "10.0.26100.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.26200.8655",
                  "versionStartIncluding": "10.0.26200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.26100.8655",
                  "versionStartIncluding": "10.0.26100.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.26100.32995",
                  "versionStartIncluding": "10.0.26100.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.28000.2269",
                  "versionStartIncluding": "10.0.28000.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-05-19T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as \u0026quot;YellowKey\u0026quot;. The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.\nWe are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.\nMitigation FAQs\nShould I leverage the temporary mitigation?\nMicrosoft recommends that you consider implementing these mitigations if you are concerned your devices and data are at risk of being compromised or stolen. For example, if your organization\u2019s employees take their work devices home or on business travel.\nWhat impact to service availability/management could be caused by implementing the mitigations?\nImplementing these mitigations will not impact service availability or management operations.\nDo customers need to revert the changes made to mitigate the vulnerability once the security update to protect against this vulnerability is available?\nNo. The security update will maintain the mitigation\u0027s behavior once the security update is installed.\nI am using TPM+PIN, am I at risk of this vulnerability being exploited\nNo, if you are using TPM+PIN the vulnerability is not exploitable."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-19T16:13:21.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Windows BitLocker Security Feature Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585"
        }
      ],
      "title": "Windows BitLocker Security Feature Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-45585",
    "datePublished": "2026-05-19T23:30:26.247Z",
    "dateReserved": "2026-05-12T19:55:45.729Z",
    "dateUpdated": "2026-06-19T16:13:21.000Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

MSRC_CVE-2026-45585

CVE-2026-45585 (GCVE-0-2026-45585)

Tags

Sightings

Nomenclature